sqli_union_extract

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden and excels by disclosing key behavioral traits: it specifies the return values (column_count, string_columns, db_name, db_version, tables, user_columns), side effects ('read-only GET requests'), and performance characteristics ('sends ~30 requests depending on column count'). This provides comprehensive insight into the tool's operation and impact.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured with a clear step-by-step breakdown, followed by return values and side effects. Every sentence adds value without redundancy, making it easy to scan and understand the tool's purpose and behavior quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a multi-step SQL injection tool with no annotations and no output schema, the description does an excellent job covering behavior, returns, and side effects. However, it could slightly improve by mentioning error handling or what happens if the target isn't vulnerable, but overall it's highly complete for the context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema description coverage is 100%, so the schema already documents all three parameters (url, parameter, max_columns) adequately. The description doesn't add any additional meaning or context about the parameters beyond what the schema provides, such as examples of vulnerable parameters or guidance on setting max_columns. This meets the baseline for high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('step-by-step UNION-based data extraction') and enumerates the exact steps (finding column count, identifying string columns, extracting database info, listing tables/columns). It distinguishes itself from sibling tools like sqli_blind_boolean or sqli_login_bypass by focusing on UNION-based extraction rather than blind or authentication bypass techniques.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context through the step-by-step process and mentions it's for UNION-based extraction, which suggests it should be used when SQL injection vulnerabilities are suspected. However, it doesn't explicitly state when to use this tool versus alternatives like sqli_blind_boolean or sqli_file_read, nor does it mention prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.